security – WP-JSON: Cross Origin Resource Sharing Vulnerability?


I am testing the security of a webpage owned by the company I work for. I noticed that an arbitrary origin is accepted. In the screenshot below, you’ll see that I added that example origin which was reflected in the response accordingly.

I am not the admin of this web page nor am I logged into it. I am testing it remotely like an external user. However, If I was logged in, I’m wondering if I could see cookies/API Keys etc in the response? Is this a vulnerability that needs to be fixed or is this just normal, secure word press behavior?

enter image description here

UbuntuNoob 2 months 2022-12-02T21:23:05-05:00 0 Answers 0 views 0

Leave an answer